Commit Graph

341453 Commits

Author SHA1 Message Date
Lucas Savva
377c6bcefc
nixos/acme: Add defaults and inheritDefaults option
Allows configuring many default settings for certificates,
all of which can still be overridden on a per-cert basis.
Some options have been moved into .defaults from security.acme,
namely email, server, validMinDays and renewInterval. These
changes will not break existing configurations thanks to
mkChangedOptionModule.

With this, it is also now possible to configure DNS-01 with
web servers whose virtualHosts utilise enableACME. The only
requirement is you set `acmeRoot = null` for each vhost.

The test suite has been revamped to cover these additions
and also to generally make it easier to maintain. Test config
for apache and nginx has been fully standardised, and it
is now much easier to add a new web server if it follows
the same configuration patterns as those two. I have also
optimised the use of switch-to-configuration which should
speed up testing.
2021-12-26 16:44:10 +00:00
Lucas Savva
a7f0001328
nixos/acme: Check for revoked certificates
Closes #129838

It is possible for the CA to revoke a cert that has not yet
expired. We must run lego to validate this before expiration,
but we must still ignore failures on unexpired certs to retain
compatibility with #85794

Also changed domainHash logic such that a renewal will only
be attempted at all if domains are unchanged, and do a full
run otherwises. Resolves #147540 but will be partially
reverted when go-acme/lego#1532 is resolved + available.
2021-12-26 16:44:09 +00:00
Lucas Savva
87403a0b07
nixos/acme: Add a human readable error on run failure
Closes NixOS/nixpkgs#108237

When a user first adds an ACME cert to their configuration,
it's likely to fail to renew due to DNS misconfig. This is
non-fatal for other services since selfsigned certs are
(usually) put in place to let dependant services start.
Tell the user about this in the logs, and exit 2 for
differentiation purposes.
2021-12-26 16:44:08 +00:00
Lucas Savva
a88d846b91
nixos/acme: Remove selfsignedDeps from finished targets
selfsignedDeps is already appended to the after and wants
of a cert's renewal service, making these redundant.

You can see this if you run the following command:
systemctl list-dependencies --all --reverse acme-selfsigned-mydomain.com.service
2021-12-26 16:44:07 +00:00
Bernardo Meurer
52c1d49b71
Merge pull request #152058 from r-ryantm/auto-update/klipper
klipper: unstable-2021-12-02 -> unstable-2021-12-24
2021-12-26 16:31:26 +00:00
Mario Rodas
42aefef238
Merge pull request #151787 from r-ryantm/auto-update/shadowsocks-rust
shadowsocks-rust: 1.12.4 -> 1.12.5
2021-12-26 11:28:26 -05:00
Mario Rodas
c2dc374df0
Merge pull request #152215 from r-ryantm/auto-update/tflint
tflint: 0.34.0 -> 0.34.1
2021-12-26 11:28:04 -05:00
Bernardo Meurer
60b29ec731
Merge pull request #151139 from TredwellGit/firmwareLinuxNonfree
firmwareLinuxNonfree: 20211027 -> 20211216
2021-12-26 16:22:25 +00:00
Bobby Rong
fa5e153653
Merge pull request #152231 from bobby285271/vala-lint
vala-lint: unstable-2021-02-17 -> unstable-2021-11-18
2021-12-26 23:02:23 +08:00
Pavol Rusnak
3f50bcc917
Merge pull request #149912 from prusnak/python3-trezor
python3Packages.trezor: 0.12.4 -> 0.13.0
2021-12-26 15:39:53 +01:00
Pavol Rusnak
9591b406c4
Merge pull request #152224 from TredwellGit/electron
Update Electron
2021-12-26 15:28:28 +01:00
ajs124
d398a58def
Merge pull request #151661 from r-ryantm/auto-update/wrk
wrk: 4.1.0 -> 4.2.0
2021-12-26 15:09:44 +01:00
ajs124
648f7f2a63
Merge pull request #151581 from symphorien/xapian-update-3
dovecot_fts_xapian: 1.4.14 -> 1.5.2
2021-12-26 15:06:38 +01:00
ajs124
89ab1a6425
Merge pull request #151754 from r-ryantm/auto-update/sope
sope: 5.3.0 -> 5.4.0
2021-12-26 15:00:21 +01:00
Bobby Rong
729053d2e8
vala-lint: unstable-2021-02-17 -> unstable-2021-11-18 2021-12-26 21:59:46 +08:00
Fabian Affolter
886a19da65
Merge pull request #152202 from fabaff/bump-checkov
checkov: 2.0.690 -> 2.0.692
2021-12-26 14:12:44 +01:00
ajs124
cfcbe0d16d sogo: 5.3.0 -> 5.4.0 2021-12-26 13:51:06 +01:00
TredwellGit
f3a39a335f electron_16: 16.0.4 -> 16.0.5
https://github.com/electron/electron/releases/tag/v16.0.5
2021-12-26 12:29:06 +00:00
TredwellGit
760cec731e electron_15: 15.3.3 -> 15.3.4
https://github.com/electron/electron/releases/tag/v15.3.4
2021-12-26 12:28:34 +00:00
TredwellGit
6c011c17a0 electron_14: 14.2.2 -> 14.2.3
https://github.com/electron/electron/releases/tag/v14.2.3
2021-12-26 12:28:14 +00:00
7c6f434c
ea7b03bf80
Merge pull request #152208 from 7c6f434c/monotone-pin-boost-170
monotone: ping boost_170 to fix build
2021-12-26 11:44:08 +00:00
Bobby Rong
f5dd11f444
Merge pull request #150357 from r-ryantm/auto-update/acpid
acpid: 2.0.32 -> 2.0.33
2021-12-26 19:31:20 +08:00
R. Ryantm
f313995768 tflint: 0.34.0 -> 0.34.1 2021-12-26 11:29:08 +00:00
Bobby Rong
24dfe901e5
Merge pull request #151511 from r-ryantm/auto-update/frugal
frugal: 3.14.10 -> 3.14.11
2021-12-26 19:19:57 +08:00
Vladimír Čunát
8de62ec192
Merge #148163: uwsgi: fix with php 8, bump to 2.0.20 2021-12-26 12:18:51 +01:00
Bobby Rong
b240efeea6
Merge pull request #151967 from r-ryantm/auto-update/steampipe
steampipe: 0.10.0 -> 0.11.0
2021-12-26 19:03:44 +08:00
Bobby Rong
75f0630226
Merge pull request #152144 from r-ryantm/auto-update/libtraceevent
libtraceevent: 1.4.0 -> 1.5.0
2021-12-26 18:59:38 +08:00
Bobby Rong
345460519a
Merge pull request #152146 from r-ryantm/auto-update/libplctag
libplctag: 2.4.6 -> 2.4.7
2021-12-26 18:59:06 +08:00
Bobby Rong
138815ad64
Merge pull request #152172 from r-ryantm/auto-update/alfis
alfis: 0.6.9 -> 0.6.10
2021-12-26 18:33:32 +08:00
Michael Raskin
388b7ecfa0 monotone: ping boost_170 to fix build 2021-12-26 11:19:08 +01:00
Bobby Rong
26b19877bf
Merge pull request #152206 from andreasfelix/vala-language-server-0.48.4
vala-language-server: 0.48.3 → 0.48.4
2021-12-26 17:34:37 +08:00
udf
e159658bf5 nicotine-plus: 3.1.1 -> 3.2.0 2021-12-26 10:27:32 +01:00
udf
896259096e nicotine-plus: Fix crash when opening file dialog, closes #142014 2021-12-26 10:27:32 +01:00
Fabian Affolter
7ecb4299a7 checkov: 2.0.690 -> 2.0.692 2021-12-26 10:02:31 +01:00
Felix Andreas
40545515e5 vala-language-server: 0.48.3 → 0.48.4 2021-12-26 08:53:42 +00:00
Vincent Laporte
6fcc9f249f ocamlPackages.ocaml-migrate-parsetree-2: 2.2.0 → 2.3.0 2021-12-26 09:51:00 +01:00
Vladimír Čunát
fd0df9f56f
Merge #152166: cffi: disable tests on aarch64-darwin 2021-12-26 09:41:27 +01:00
Bobby Rong
4e6d70e625
Merge pull request #152134 from r-ryantm/auto-update/lsp-plugins
lsp-plugins: 1.1.30 -> 1.1.31
2021-12-26 16:05:12 +08:00
Felix Buehler
fedde5d24f woeusb-ng: init at 0.2.10 2021-12-26 08:45:17 +01:00
Bobby Rong
f016dd04c7
Merge pull request #152182 from legendofmiracles/update/tmpail
tmpmail: 1.1.4 -> 1.1.9
2021-12-26 14:09:28 +08:00
adisbladis
f8024fe9a5
Merge pull request #152184 from lionello/update-poetry2nix
poetry2nix: 1.21.0 -> 1.22.0
2021-12-26 18:00:59 +12:00
Ben Siraphob
14fc00eddc
Merge pull request #152185 from siraben/deadpixi-sam-update 2021-12-26 12:37:45 +07:00
Bobby Rong
b15164af88
Merge pull request #151360 from wishfort36/master
tiramisu: unstable-2021-05-20 -> 2.0.20211107
2021-12-26 13:33:47 +08:00
Bobby Rong
bcb5b72442
Merge pull request #151962 from r-ryantm/auto-update/clapper
clapper: 0.4.0 -> 0.4.1
2021-12-26 13:21:35 +08:00
Dmitry Kalinkin
87cf1dd1b2
Merge pull request #152010 from fgaz/warzone2100/4.2.4
warzone2100: 4.2.3 -> 4.2.4, add version test
2021-12-26 00:20:35 -05:00
Dmitry Kalinkin
cedc24590b
Merge pull request #151903 from prusnak/qt5-darwin-stdenv
qt5{12,14,15}: use default stdenv on darwin
2021-12-26 00:17:44 -05:00
Bobby Rong
0b19ab7f6e
Merge pull request #151472 from r-ryantm/auto-update/last-resort
last-resort: 13.001 -> 14.000
2021-12-26 13:17:06 +08:00
Bobby Rong
4c5906c948
Merge pull request #151707 from r-ryantm/auto-update/tgt
tgt: 1.0.80 -> 1.0.81
2021-12-26 13:07:12 +08:00
Ben Siraphob
10bca26212
deadpixi-sam-unstable: 2017-10-27 -> 2020-07-14 2021-12-26 11:54:31 +07:00
Bobby Rong
77116ca839
tgt: update meta.homepage 2021-12-26 12:51:59 +08:00